Bug#810984: openssh-client: CVE-2016-0777

To: Yves-Alexis Perez <corsac@debian.org>, 810984@bugs.debian.org
Subject: Bug#810984: openssh-client: CVE-2016-0777
From: Christoph Anton Mitterer <calestyo@scientia.net>
Date: Thu, 14 Jan 2016 16:05:02 +0100
Message-id: <[🔎] 1452783902.6431.5.camel@scientia.net>
Reply-to: Christoph Anton Mitterer <calestyo@scientia.net>, 810984@bugs.debian.org
In-reply-to: <[🔎] 1452783667.15013.34.camel@debian.org>
References: <[🔎] 145278298014.18673.18301614226224040892.reportbug@heisenberg.scientia.net> <[🔎] 1452783667.15013.34.camel@debian.org>

On Thu, 2016-01-14 at 16:01 +0100, Yves-Alexis Perez wrote:
> Thanks for the report, yes we're aware of it.
The announcement doesn't read *that* extremely bad (well depends a bit
on whether one connects to untrusted systems), though,... thus maybe
the severity of this can be lowered.
OTOH, since it may allow an attacker to gain the local key (including
root's) one may still consider the severity to be appropriate).

Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to:

References:
- Bug#810984: openssh-client: CVE-2016-0777
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Bug#810984: openssh-client: CVE-2016-0777
  - From: Yves-Alexis Perez <corsac@debian.org>

Prev by Date: Bug#810984: openssh-client: CVE-2016-0777
Next by Date: Bug#810984: openssh-client: CVE-2016-0777
Previous by thread: Bug#810984: openssh-client: CVE-2016-0777
Next by thread: Bug#810984: openssh-client: CVE-2016-0777
Index(es):
- Date
- Thread